/* * Copyright (c) Microsoft Corporation. All rights reserved. * Licensed under the MIT License. */ const fs = require('fs'); const crypto = require('crypto'); const express = require('express'); const msal = require('@azure/msal-node'); /** * If you have encrypted your private key with a *pass phrase* as recommended, * you'll need to decrypt it before passing it to msal-node for initialization. */ // Secrets should never be hardcoded. The dotenv npm package can be used to store secrets or certificates // in a .env file (located in project's root directory) that should be included in .gitignore to prevent // accidental uploads of the secrets. // Certificates can also be read-in from files via NodeJS's fs module. However, they should never be // stored in the project's directory. Production apps should fetch certificates from // Azure KeyVault (https://azure.microsoft.com/products/key-vault), or other secure key vaults. // Please see "Certificates and Secrets" (https://learn.microsoft.com/azure/active-directory/develop/security-best-practices-for-app-registration#certificates-and-secrets) // for more information. const privateKeySource = fs.readFileSync('./certs/example.key'); const privateKeyObject = crypto.createPrivateKey({ key: privateKeySource, passphrase: "2255", // enter your certificate passphrase here format: 'pem' }); const privateKey = privateKeyObject.export({ format: 'pem', type: 'pkcs8' }); // Before running the sample, you will need to replace the values in the config const config = { auth: { clientId: "3cdfac60-e7fb-4648-89d3-67966c497d35", //Client ID authority: "https://login.microsoftonline.com/538b9b1c-23fa-4102-b36e-a4d83fc9c4c1", //Tenant ID clientCertificate: { thumbprint: 'DD79B973F2D634840948970C712907DF4423C982', // can be obtained when uploading certificate to Azure AD privateKey: privateKey, } }, system: { loggerOptions: { loggerCallback(loglevel, message, containsPii) { console.log(message); }, piiLoggingEnabled: false, logLevel: msal.LogLevel.Verbose, } } }; // Create msal application object const cca = new msal.ConfidentialClientApplication(config); // Create Express app const app = express(); app.use(express.urlencoded({ extended: false })); app.get('/', (req, res) => { const authCodeUrlParameters = { scopes: ["user.read"], redirectUri: "http://localhost:3000/redirect", responseMode: 'form_post', }; // get url to sign user in and consent to scopes needed for application cca.getAuthCodeUrl(authCodeUrlParameters).then((response) => { console.log(response); res.redirect(response); }).catch((error) => console.log(JSON.stringify(error))); }); app.post('/redirect', (req, res) => { const tokenRequest = { code: req.body.code, scopes: ["user.read"], redirectUri: "http://localhost:3000/redirect", }; cca.acquireTokenByCode(tokenRequest).then((response) => { console.log("\nResponse: \n:", response); res.status(200).send('Congratulations! You have signed in successfully'); }).catch((error) => { console.log(error); res.status(500).send(error); }); }); const SERVER_PORT = process.env.PORT || 3000; app.listen(SERVER_PORT, () => { console.log(`Msal Node Auth Code Sample app listening on port ${SERVER_PORT}!`) });